ietf-dkim

Re: [ietf-dkim] testing Message Corpus & question for base spec

2006-02-11 01:20:32

----- Original Message -----
From: "Dave Crocker" <dcrocker(_at_)bbiw(_dot_)net>

Hmmm.  Come to think of it, I'm inclined to interpret the Postel
dictum as meaning that a broken signature (for whatever reason) is
the same as no signature.  Pretend it wasn't there.

That's the most robust (liberal) handling by the validator.

So maybe DKIM has remained within the fold.

Dave,

The Wolves (Bad Actors) will lick their chops with that interpretation,
and have.

"Postel's Law": "be conservative in what you do, be liberal in what you
accept from others" (often reworded as "be conservative in what you
send, be liberal in what you receive").
http://en.wikipedia.org/wiki/Postel's_Law

I've always interpreted this natural law philosophy to mean where there
is an indeterminate decision, a resultant first based on everything
being done as expected, you side with acceptance.

In the "good actor" world, the sender will tend to be correct without
ambiguity thus lowering confusion for the receiver.  The expectation is
you are doing things correctly.  Where there is an indecision, you side
with acceptance.

Of course, for DKIM, it should all depend on the "reason" for the
breakage.

In the case of a bad expiration attribute, that should be an immediate
red flag for rejection with a high payoff, low false positives.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com


_______________________________________________
NOTE WELL: This list operates according to 
http://dkim.org/ietf-list-rules.html
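
The distinction discussed in the message above, handling a broken signature according to the reason for the breakage instead of uniformly as "no signature", is illustrated by this added Python example, which is not code from the post or from any DKIM implementation. It inspects only the `t=` and `x=` tags of a DKIM-Signature value and performs no cryptographic verification; the policy table, function names and sample headers are assumptions constructed for the example.

```python
import re

# Constructed policy for this example (an assumption, not from the DKIM spec):
# which breakage reasons mean "no signature" and which are a signal themselves.
POLICY = {
    "ok": "continue-verification",
    "malformed-tag-list": "treat-as-unsigned",
    "expired": "treat-as-unsigned",
    "bad-expiration": "flag",
}
DIGITS = re.compile(r"[0-9]{1,12}")

def parse_tags(value):
    """Parse a DKIM-Signature tag=value list; return None if it is malformed."""
    tags = {}
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)  # undo header folding
    for part in unfolded.split(";"):
        if not part.strip():
            continue  # empty segment, e.g. after a trailing ';'
        name, sep, val = part.partition("=")  # first '=' only, so base64 padding survives
        name = name.strip()
        if not sep or not re.fullmatch(r"[A-Za-z][A-Za-z0-9_]*", name) or name in tags:
            return None  # missing '=', bad tag name, or duplicate tag
        tags[name] = val.strip()
    return tags

def classify_timestamps(value, now):
    """Return (reason, disposition) from the t= and x= tags alone."""
    tags = parse_tags(value)
    if tags is None:
        reason = "malformed-tag-list"
    else:
        t, x = tags.get("t"), tags.get("x")
        if x is None:
            reason = "ok"  # no expiration given, nothing to check here
        elif not DIGITS.fullmatch(x):
            reason = "bad-expiration"  # x= is not a timestamp at all
        elif t is not None and DIGITS.fullmatch(t) and int(x) <= int(t):
            reason = "bad-expiration"  # expires at or before it was signed
        elif int(x) < now:
            reason = "expired"  # well-formed, but past its lifetime
        else:
            reason = "ok"
    return reason, POLICY[reason]

NOW = 1139620832  # constructed "current time" for the samples below
SAMPLES = {  # constructed headers; b= values are placeholders
    "valid": "v=1; d=example.com; s=sel; t=1139600000; x=1140200000; b=AAAA",
    "expired": "v=1; d=example.com; s=sel; t=1130000000; x=1130600000; b=AAAA",
    "inverted": "v=1; d=example.com; s=sel; t=1139600000; x=1139500000; b=AAAA",
    "garbage": "v=1; d=example.com; s=sel; x=never; b=AAAA",
    "broken": "v=1; d=example.com; s sel; x=1139600000; b=AAAA",
}
```

Calling `classify_timestamps(SAMPLES["inverted"], NOW)` shows the case the policy table singles out: an expiration that a working signer would not emit is reported separately from a signature that has merely aged out.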